(Cat? OR feline) AND NOT dog?
Cat? W/5 behavior
(Cat? OR feline) AND traits
Cat AND charact*

This guide provides a more detailed description of the syntax that is supported along with examples.

This search box also supports the look-up of an IP.com Digital Signature (also referred to as Fingerprint); enter the 72-, 48-, or 32-character code to retrieve details of the associated file or submission.

Concept Search - What can I type?

For a concept search, you can enter phrases, sentences, or full paragraphs in English. For example, copy and paste the abstract of a patent application or paragraphs from an article.

Concept search eliminates the need for complex Boolean syntax to inform retrieval. Our Semantic Gist engine uses advanced cognitive semantic analysis to extract the meaning of data. This reduces the chances of missing valuable information, that may result from traditional keyword searching.

Due to the flexibility in how text-based malicious code can be represented, detecting them at high speed using limited computing resources and without compromising detection capabilities is a challenge. Known solutions to the problem including exact string searching and regular expression matching have known drawbacks such as the increase use of CPU and/or memory resources as the number of strings to search for or the number of regular expressions to match for increases. New and clever methods need to be developed to solve this problem.

Method Description

The Malicious Code Fingerprinting method is a resilient and efficient method for detecting text-based malicious code. The method is resilient to minor changes to the text-based malicious code wherein minor changes such as the addition of garbage code/data/markup and modification of unimportant parts of the code would still result in a detection. The method is also well adaptable or can be optimized to run with minimal memory usage, run in streaming mode, and run at very fast speeds. Thus, the method is very well suited for Intrusion Detection/Prevention (IDS/IPS) Systems and Antivirus software which are expected to run at very high speeds without compromising detection capabilities.

Method Details

The Malicious Code Fingerprinting method involves breaking a text-based malicious code such as JavaScript* and HTML into tokens, then for each token that is deemed "interesting", meaning the token is part of the detection, a value called the "fingerprint" is updated using the token's content and a small mathematical transformation such as a hash function - this is a type of rolling transformation for the purpose of identifying malicious code interpolated within a greater amount of code. Then every time the fingerprint is updated, the fingerprint is matched against a list of known malicious fingerprints. If the resulting fingerprint is found to be a malicious fingerprint, detection will be triggered.

The described fingerprinting method is resilient against any addition, removal, modification of any non-interesting tokens (e.g. addition of garbage code/data/markup, modifications of easily replaceable variable/function names, etc.) in the malicious code. Also important is that the operations needed for fingerprinting are simple operations such as hash functions which can be easily optimized to run with minimal computing resources.

Method Flow Chart

The flow chart below describes how the Malicious Code Fingerprinting...